Patient EHR data to be more closely regulated in California

View all blog posts under Articles

Under new legislation signed into law by California Governor Jerry Brown, healthcare providers will have to track all changes made to patient health records in medical informatics systems to ensure privacy and security, according to Information Week.

Senate Bill 850, titled the Confidentiality of Medical Information Act, mandates that all changes made to patient information must be documented to maintain improved standards of accountability. Introduction of the new regulations follows a series of recent high-profile security breaches involving clinical informatics systems. The new regulations were drafted after consultation with the California Medical Association and the California Hospital Association.

“The record of any change or deletion shall include the identity of the person who accessed and changed the medical information, the date and time the medical information was accessed, and the change that was made to the medical information,” according to an executive summary of the legislation published by the Healthcare Information and Management Systems Society (HIMSS).

One potentially problematic area not addressed by the legislation is that of varying formats of change logs. Currently, although records noting the date, time and identity of the medical professional making changes to the data will be kept, the format of the logs will not be standardized across varying medical informatics systems throughout Californian hospitals and healthcare facilities. Such differences in reporting protocols could potentially complicate matters from a legal standpoint.

The HIMSS summary of SB 850 also mandates that in addition to healthcare providers and regulatory professionals, legal counsel will be able to request the logs of changes made to patient health data under the new laws. Patients will still be able to request copies of changes made to their medical data under Californian Freedom of Information Act regulations.